CVEs from 2019
Total
3,310
critical
critical 173
high
high 509
medium
medium 470
low
low 94
% Critical
5.2%
% with KEV
3.6%
% with exploit
4.4%
Top products
- u-boot 20
- active_iq_unified_manager 7
- jdk 5
- weblogic_server 5
- oncommand_workflow_automation 5
- oncommand_insight 4
- codeready_linux_builder_eus 4
- libxslt 4
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2019-13272 | high | — | 10.0 | 5y ago | Kernel/ptrace.c in Linux kernel mishandles contains an improper privilege management vulnerability that allows local users to obtain root access. | |||
| CVE-2019-5786 | high | — | 10.0 | 6y ago | Google Chrome Blink contains a heap use-after-free vulnerability that allows an attacker to potentially perform out of bounds memory access via a crafted HTML page. | |||
| CVE-2019-0211 | high | — | 9.5 | 5y ago | Apache HTTP Server, with MPM event, worker or prefork, code executing in less-privileged child processes or threads (including scripts executed by an in-process scripting interpreter) could execute c… | |||
| CVE-2019-17026 | high | — | 9.5 | 5y ago | Mozilla Firefox and Thunderbird contain a type confusion vulnerability due to incorrect alias information in the IonMonkey JIT compiler when setting array elements. | |||
| CVE-2019-8943 | high | — | 9.0 | — | WordPress through 5.0.3 allows Path Traversal in wp_crop_image(). An attacker (who has privileges to crop an image) can write the output image to an arbitrary directory via a filename containing two … | |||
| CVE-2019-9213 | high | — | 9.0 | 7y ago | RHSA-2019:1480: kernel-rt security and bug fix update (Important) | |||
| CVE-2019-5736 | high | — | 9.0 | 7y ago | RHSA-2019:0975: container-tools:rhel8 security and bug fix update (Important) | |||
| CVE-2019-13721 | high | 8.8 | 8.8 | 7y ago | Use after free in PDFium in Google Chrome prior to 78.0.3904.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||
| CVE-2019-25650 | high | 8.4 | 8.4 | 2mo ago | River Past CamDo 3.7.6 contains a structured exception handler (SEH) buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying a malicious string in the Lame_en… | |||
| CVE-2019-25651 | high | 8.3 | 8.3 | 2mo ago | Ubiquiti UniFi Network Controller prior to 5.10.12 (excluding 5.6.42), UAP FW prior to 4.0.6, UAP-AC, UAP-AC v2, and UAP-AC Outdoor FW prior to 3.8.17, USW FW prior to 4.0.6, USG FW prior to 4.4.34 u… | |||
| CVE-2019-25642 | high | 8.2 | 8.2 | 2mo ago | Bootstrapy CMS contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through POST parameters. Attackers can… | |||
| CVE-2019-25640 | high | 8.2 | 8.2 | 2mo ago | Inout Article Base CMS contains SQL injection vulnerabilities that allow unauthenticated attackers to manipulate database queries through the 'p' and 'u' parameters. Attackers can inject SQL code usi… | |||
| CVE-2019-6820 | high | 8.2 | 8.2 | 7y ago | A CWE-306: Missing Authentication for Critical Function vulnerability exists which could cause a modification of device IP configuration (IP address, network mask and gateway IP address) when a speci… | |||
| CVE-2019-5803 | high | — | 8.0 | — | multiple issues in chromium | |||
| CVE-2019-13693 | high | — | 8.0 | — | multiple issues in chromium | |||
| CVE-2019-6474 | high | — | 8.0 | — | A missing check on incoming client requests can be exploited to cause a situation where the Kea server's lease storage contains leases which are rejected as invalid when the server tries to load leas… | |||
| CVE-2019-5842 | high | — | 8.0 | — | arbitrary code execution in chromium | |||
| CVE-2019-5865 | high | — | 8.0 | — | multiple issues in chromium | |||
| CVE-2019-19604 | high | — | 8.0 | — | Arbitrary command execution is possible in Git before 2.20.2, 2.21.x before 2.21.1, 2.22.x before 2.22.2, 2.23.x before 2.23.1, and 2.24.x before 2.24.1 because a "git submodule update" operation can… | |||
| CVE-2019-5856 | high | — | 8.0 | — | multiple issues in chromium | |||
| CVE-2019-9686 | high | — | 8.0 | — | arbitrary code execution in pacman | |||
| CVE-2019-5864 | high | — | 8.0 | — | multiple issues in chromium | |||
| CVE-2019-8337 | high | — | 8.0 | — | In msmtp 1.8.2 and mpop 1.4.3, when tls_trust_file has its default configuration, certificate-verification results are not properly checked. | |||
| CVE-2019-5435 | high | — | 8.0 | — | An integer overflow in curl's URL API results in a buffer overflow in libcurl 7.62.0 to and including 7.64.1. | |||
| CVE-2019-8376 | high | — | 8.0 | — | An issue was discovered in Tcpreplay 4.3.1. A NULL pointer dereference occurred in the function get_layer4_v6() located at get.c. This can be triggered by sending a crafted pcap file to the tcpreplay… | |||
| CVE-2019-13711 | high | — | 8.0 | — | multiple issues in chromium | |||
| CVE-2019-5848 | high | — | 8.0 | — | multiple issues in chromium | |||
| CVE-2019-5855 | high | — | 8.0 | — | multiple issues in chromium | |||
| CVE-2019-14318 | high | — | 8.0 | — | Crypto++ 8.3.0 and earlier contains a timing side channel in ECDSA signature generation. This allows a local or remote attacker, able to measure the duration of hundreds to thousands of signing opera… | |||
| CVE-2019-25016 | high | — | 8.0 | — | In OpenDoas from 6.6 to 6.8 the users PATH variable was incorrectly inherited by authenticated executions if the authenticating rule allowed the user to execute any command. Rules that only allowed t… | |||
| CVE-2019-6133 | high | — | 8.0 | — | In PolicyKit (aka polkit) 0.115, the "start time" protection mechanism can be bypassed because fork() is not atomic, and therefore authorization decisions are improperly cached. This is related to la… | |||
| CVE-2019-13705 | high | — | 8.0 | — | multiple issues in chromium | |||
| CVE-2019-18222 | high | — | 8.0 | — | The ECDSA signature implementation in ecdsa.c in Arm Mbed Crypto 2.1 and Mbed TLS through 2.19.1 does not reduce the blinded scalar before computing the inverse, which allows a local attacker to reco… | |||
| CVE-2019-5792 | high | — | 8.0 | — | multiple issues in chromium | |||
| CVE-2019-13718 | high | — | 8.0 | — | multiple issues in chromium | |||
| CVE-2019-5849 | high | — | 8.0 | — | Out of bounds read in Skia in Google Chrome prior to 75.0.3770.80 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. | |||
| CVE-2019-13695 | high | — | 8.0 | — | multiple issues in chromium | |||
| CVE-2019-13701 | high | — | 8.0 | — | multiple issues in chromium | |||
| CVE-2019-5787 | high | — | 8.0 | — | multiple issues in chromium | |||
| CVE-2019-13699 | high | — | 8.0 | — | multiple issues in chromium | |||
| CVE-2019-7524 | high | — | 8.0 | — | In Dovecot before 2.2.36.3 and 2.3.x before 2.3.5.1, a local attacker can cause a buffer overflow in the indexer-worker process, which can be used to elevate to root. This occurs because of missing c… | |||
| CVE-2019-13706 | high | — | 8.0 | — | multiple issues in chromium | |||
| CVE-2019-19977 | high | — | 8.0 | — | libESMTP through 1.0.6 mishandles domain copying into a fixed-size buffer in ntlm_build_type_2 in ntlm/ntlmstruct.c, as demonstrated by a stack-based buffer over-read. | |||
| CVE-2019-13717 | high | — | 8.0 | — | multiple issues in chromium | |||
| CVE-2019-9848 | high | — | 8.0 | — | LibreOffice has a feature where documents can specify that pre-installed scripts can be executed on various document events such as mouse-over, etc. LibreOffice is typically also bundled with LibreLo… | |||
| CVE-2019-8381 | high | — | 8.0 | — | An issue was discovered in Tcpreplay 4.3.1. An invalid memory access occurs in do_checksum in checksum.c. It can be triggered by sending a crafted pcap file to the tcpreplay-edit binary. It allows an… | |||
| CVE-2019-8907 | high | — | 8.0 | — | do_core_note in readelf.c in libmagic.a in file 5.35 allows remote attackers to cause a denial of service (stack corruption and application crash) or possibly have unspecified other impact. | |||
| CVE-2019-5797 | high | — | 8.0 | — | multiple issues in chromium | |||
| CVE-2019-13700 | high | — | 8.0 | — | multiple issues in chromium | |||
| CVE-2019-6956 | high | — | 8.0 | — | An issue was discovered in Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.8. It is a buffer over-read in ps_mix_phase in libfaad/ps_dec.c. | |||
| CVE-2019-8904 | high | — | 8.0 | — | do_bid_note in readelf.c in libmagic.a in file 5.35 has a stack-based buffer over-read, related to file_printf and file_vprintf. | |||
| CVE-2019-5867 | high | — | 8.0 | — | arbitrary code execution in chromium | |||
| CVE-2019-12881 | high | — | 8.0 | — | i915_gem_userptr_get_pages in drivers/gpu/drm/i915/i915_gem_userptr.c in the Linux kernel 4.15.0 on Ubuntu 18.04.2 allows local users to cause a denial of service (NULL pointer dereference and BUG) o… | |||
| CVE-2019-5853 | high | — | 8.0 | — | multiple issues in chromium | |||
| CVE-2019-8343 | high | — | 8.0 | — | In Netwide Assembler (NASM) 2.14.02, there is a use-after-free in paste_tokens in asm/preproc.c. | |||
| CVE-2019-13708 | high | — | 8.0 | — | multiple issues in chromium | |||
| CVE-2019-13702 | high | — | 8.0 | — | multiple issues in chromium | |||
| CVE-2019-11683 | high | — | 8.0 | — | udp_gro_receive_segment in net/ipv4/udp_offload.c in the Linux kernel 5.x before 5.0.13 allows remote attackers to cause a denial of service (slab-out-of-bounds memory corruption) or possibly have un… | |||
| CVE-2019-11461 | high | — | 8.0 | — | An issue was discovered in GNOME Nautilus 3.30 prior to 3.30.6 and 3.32 prior to 3.32.1. A compromised thumbnailer may escape the bubblewrap sandbox used to confine thumbnailers by using the TIOCSTI … | |||
| CVE-2019-5868 | high | — | 8.0 | — | arbitrary code execution in chromium | |||
| CVE-2019-1354 | high | — | 8.0 | — | A remote code execution vulnerability exists when Git for Visual Studio improperly sanitizes input, aka 'Git for Visual Studio Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-201… | |||
| CVE-2019-6473 | high | — | 8.0 | — | An invalid hostname option can trigger an assertion failure in the Kea DHCPv4 server process (kea-dhcp4), causing the server process to exit. Versions affected: 1.4.0 to 1.5.0, 1.6.0-beta1, and 1.6.0… | |||
| CVE-2019-8905 | high | — | 8.0 | — | do_core_note in readelf.c in libmagic.a in file 5.35 has a stack-based buffer over-read, related to file_printable, a different vulnerability than CVE-2018-10360. | |||
| CVE-2019-1350 | high | — | 8.0 | — | A remote code execution vulnerability exists when Git for Visual Studio improperly sanitizes input, aka 'Git for Visual Studio Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-201… | |||
| CVE-2019-19882 | high | — | 8.0 | — | shadow 4.8, in certain circumstances affecting at least Gentoo, Arch Linux, and Void Linux, allows local users to obtain root access because setuid programs are misconfigured. Specifically, this affe… | |||
| CVE-2019-5847 | high | — | 8.0 | — | multiple issues in chromium | |||
| CVE-2019-5790 | high | — | 8.0 | — | multiple issues in chromium | |||
| CVE-2019-13694 | high | — | 8.0 | — | multiple issues in chromium | |||
| CVE-2019-13696 | high | — | 8.0 | — | multiple issues in chromium | |||
| CVE-2019-5791 | high | — | 8.0 | — | multiple issues in chromium | |||
| CVE-2019-11741 | high | — | 8.0 | — | A compromised sandboxed content process can perform a Universal Cross-site Scripting (UXSS) attack on content from any site it can cause to be loaded in the same process. Because addons.mozilla.org a… | |||
| CVE-2019-8906 | high | — | 8.0 | — | do_core_note in readelf.c in libmagic.a in file 5.35 has an out-of-bounds read because memcpy is misused. | |||
| CVE-2019-5859 | high | — | 8.0 | — | multiple issues in chromium | |||
| CVE-2019-5800 | high | — | 8.0 | — | multiple issues in chromium | |||
| CVE-2019-5854 | high | — | 8.0 | — | multiple issues in chromium | |||
| CVE-2019-1351 | high | — | 8.0 | — | A tampering vulnerability exists when Git for Visual Studio improperly handles virtual drive paths, aka 'Git for Visual Studio Tampering Vulnerability'. | |||
| CVE-2019-5793 | high | — | 8.0 | — | multiple issues in chromium | |||
| CVE-2019-5860 | high | — | 8.0 | — | multiple issues in chromium | |||
| CVE-2019-5852 | high | — | 8.0 | — | multiple issues in chromium | |||
| CVE-2019-3871 | high | — | 8.0 | — | A vulnerability was found in PowerDNS Authoritative Server before 4.0.7 and before 4.1.7. An insufficient validation of data coming from the user when building a HTTP request from a DNS query in the … | |||
| CVE-2019-5796 | high | — | 8.0 | — | multiple issues in chromium | |||
| CVE-2019-0190 | high | — | 8.0 | — | multiple issues in apache | |||
| CVE-2019-18183 | high | — | 8.0 | — | arbitrary command execution in pacman | |||
| CVE-2019-5858 | high | — | 8.0 | — | multiple issues in chromium | |||
| CVE-2019-11734 | high | — | 8.0 | — | Mozilla developers and community members reported memory safety bugs present in Firefox 68. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of… | |||
| CVE-2019-13713 | high | — | 8.0 | — | multiple issues in chromium | |||
| CVE-2019-8377 | high | — | 8.0 | — | An issue was discovered in Tcpreplay 4.3.1. A NULL pointer dereference occurred in the function get_ipv6_l4proto() located at get.c. This can be triggered by sending a crafted pcap file to the tcprep… | |||
| CVE-2019-5799 | high | — | 8.0 | — | multiple issues in chromium | |||
| CVE-2019-13719 | high | — | 8.0 | — | multiple issues in chromium | |||
| CVE-2019-6472 | high | — | 8.0 | — | A packet containing a malformed DUID can cause the Kea DHCPv6 server process (kea-dhcp6) to exit due to an assertion failure. Versions affected: 1.4.0 to 1.5.0, 1.6.0-beta1, and 1.6.0-beta2. | |||
| CVE-2019-5802 | high | — | 8.0 | — | multiple issues in chromium | |||
| CVE-2019-13715 | high | — | 8.0 | — | multiple issues in chromium | |||
| CVE-2019-13709 | high | — | 8.0 | — | multiple issues in chromium | |||
| CVE-2019-16866 | high | — | 8.0 | — | Unbound before 1.9.4 accesses uninitialized memory, which allows remote attackers to trigger a crash via a crafted NOTIFY query. The source IP address of the query must match an access-control rule. | |||
| CVE-2019-13703 | high | — | 8.0 | — | multiple issues in chromium | |||
| CVE-2019-18182 | high | — | 8.0 | — | arbitrary command execution in pacman | |||
| CVE-2019-13714 | high | — | 8.0 | — | multiple issues in chromium | |||
| CVE-2019-5794 | high | — | 8.0 | — | multiple issues in chromium | |||
| CVE-2019-11737 | high | — | 8.0 | — | If a wildcard ('*') is specified for the host in Content Security Policy (CSP) directives, any port or path restriction of the directive will be ignored, leading to CSP directives not being properly … | |||
| CVE-2019-5788 | high | — | 8.0 | — | multiple issues in chromium |